Your web browser doesn't support some required capabilities.

This interactive demo works best with the latest version of Chrome, Firefox, or Safari.


An error occurred. Please reload the page or try a different browser.



Unable to initialize the simulation player:

Please reload the page or try a different browser.


This is an interactive demo

Drive it with your mouse, your finger, or just use the arrow keys.

Use Learn mode to learn the demo. The orange boxes show where to click.

Use Present mode to hide the orange boxes and notes.

Click a Shortcut to jump to a specific part of the demo.

Hide notes
Restore notes
Open notes window
Increase font size
Decrease font size

NSX Datacenter

In this demo you will see how NSX is able to provide native container networking.  More specifically - the ability to assign a unique IP address per container, the ability to provide routing services to the container, as well as security and operations/troubleshooting across VMs and containers.  Ultimately leading to a model where containers are promoted and treated the way admins and operations handle VMs today.  Follow along to see a single NSX network fabric that supports bare-metal, containers, and virtual machines communicating at layer 3. 

Verify Environment

NSX Configuration

To verify the information shown in the vSphere client, next we will take a look through NSX Manager at the various components that have been configured based on the current state of the environment.

  1. Click the Firewall button in the NSX Manager GUI
  2. Click the minimize button on "Infra-Rules"
  3. Click the expand button on "Cordsshop-IntraAppMicroseg"
  4. Verify the current VM based rules
  5. Click the Fabric tab in the NSX Manager GUI
  6. Verify current setup
    • 3x ESXi Nodes (dfwesx01, dfwesx02, dfwesx03)
    • Ubuntu Bare Metal Node (dfw_bare_metal)
  7. Click the Inventory tab
  8. Click the cordssshop-db NSGroup
  9. Click Membership Criteria
    • Tag = mysql
    • Scope = app
  10. Click Members
  11. Click the Select Object Type drop-down
  12. Click IP Address
  13. Verify current setup
    • 6x mySQL DB VMs
  14. Click Routing

Deploy Cordsshop App Service Into PKS

Now that we are familiar with the environment from the vSphere client and NSX manager, next we will deploy the application service using the Pivotal Container Service.  This is a prime example of the network automation benefits with NSX container networking, as the application is deployed from the Kubernetes command line, the appropriate Logical Ports, Logical Switches, and Logical Routers are automatically created and configured based on the application specification.  NSX also includes a native load-balancer, and this LB supports functioning as the Kubernetes Ingress.

Press any key to type, and press Enter to run CLI commands

Deploy application

  1. Press TAB to switch to developer console/CLI
  2. Type to verify current namespace configuration
  3. Type to view cordsshop app-server-deployment.yaml
  4. Click to scroll up and view the entire YAML specification
    • Note namespace information, app details, db details, container port, service definition, ingress configuration
  5. Click to scroll down
  6. Click again to scroll all the way back down
  7. Type to deploy app-server-deployment.yaml
  8. Type to issue watch command on container being built
    • Note the status goes from ContainerCreating --> Running

Verify NSX configuration

  1. Press TAB to switch to NSX Manager
  2. Click Refresh on the Logical Routers
  3. Verify pks cordsshop LR creation
  4. Click Switching
  5. Verify pks cordsshop LS creation
  6. Click pks cordsshop Logical Switch
  7. Click Related
  8. Click Ports
  9. Verify pks cordsshop logical port creation (connected to the container built during previous step)
  10. Click the Firewall tab
  11. Click the minimize button on "Infra-Rules"
  12. Click the expand button on "Cordsshop-PKS"
  13. Verify ruleset details
  14. Click to scroll down and verify additional rules

NSX Operations and Troubleshooting

As mentioned previously, NSX aims to treat containers just like we treat virtual machines.  NSX delivers enterprise class container networking but doesn't stop there.  Now, lets take a look at the advanced security and enhanced operational benefits.  The unique and unified approach to VM to VM and Container to VM networking not only provides a consistency benefit, but also allows the tools and methologies that are already used in network admin and operations teams, to be releveraged when dealing with containers.

NSX Traceflow

  1. Click Tools
  2. Click the Type drop down
  3. Click and select Logical Port
  4. Click the Port drop down
  5. Type "cordsshop"
  6. Click the pks-cordsshop Logical Port
  7. Click the VM Name drop down
  8. Click and select dfwmysql
  9. Click to expand Advanced Settings
  10. Click the Type drop down
  11. Click and select Type: TCP
  12. Click Source port and type: 10000 
  13. Click Destination port and type: 3306 
  14. Click Advanced to minimize
  15. Click Trace to begin the Traceflow
  16. Verify the hop by hop details in the trace diagram
    • Notice each object in data path is displayed (logical port, logical switch, logical router, object names, etc)
  17. Click to resize window, expanding the hop by hop results.
  18. Click to scroll down to see the entire hop by hop flow

(End of Demo)

How likely is it that you would recommend this demo to a friend or colleague?
Not at all likely Extremely likely
Thanks, we appreciate your feedback!
Copyright © 2018 VMware, Inc. All rights reserved.